From ae549e9a89f61a2cc006d4b77d9d352f7d82bea0 Mon Sep 17 00:00:00 2001
From: Julio Biason <julioandre@cwi.com.br>
Date: Wed, 16 Apr 2014 11:49:48 -0300
Subject: [PATCH] make sure non-members cannot get the results

---
 tests/vote_tests.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tests/vote_tests.py b/tests/vote_tests.py
index 27e7617..3eef1d3 100644
--- a/tests/vote_tests.py
+++ b/tests/vote_tests.py
@@ -299,6 +299,17 @@ class TestVote(LunchoTests):
         self.assertTrue(data['closed'])    # voting shouldn't be closed yet
         return
 
+    def test_get_results_not_member(self):
+        """Try to get the results of a group when the user is not a member."""
+        group = self._group()
+        user = self.create_user(name='newUser',
+                                create_token=True)
+
+        rv = self.get('/vote/{group_id}/'.format(group_id=group.id),
+                      token=user.token)
+        self.assertJsonError(rv, 403, 'User is not member of this group')
+        return
+
 
 if __name__ == '__main__':
     unittest.main()